113 matches found
CVE-2026-9179
The WP Forms Connector plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/wp/v3/post/list REST endpoint in versions up to and including 1.8. This is due to insufficient escaping on the user-supplied 'order' parameter read directly from $GET'order' into...
EUVD-2026-38661
The WP Forms Connector plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/wp/v3/post/list REST endpoint in versions up to and including 1.8. This is due to insufficient escaping on the user-supplied 'order' parameter read directly from $GET'order' into...
CVE-2026-9179 WP Forms Connector <= 1.8 - Unauthenticated SQL Injection via 'order' Parameter
The WP Forms Connector plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/wp/v3/post/list REST endpoint in versions up to and including 1.8. This is due to insufficient escaping on the user-supplied 'order' parameter read directly from $GET'order' into...
CVE-2026-9179
Summary: WP Forms Connector for WordPress (versions ≤ 1.8) is susceptible to unauthenticated SQL injection via the order parameter in the /wp-json/wp/v3/post/list endpoint. The root cause is insufficient escaping of $_GET['order'], with the value concatenated into the ORDER BY clause and executed...
PT-2026-51693
Name of the Vulnerable Software and Affected Versions WP Forms Connector versions prior to 1.9 Description An issue exists where unauthenticated attackers can execute additional SQL queries to extract sensitive information from the database. This occurs via the /wp-json/wp/v3/post/list REST...
WordPress Post List Designer – Category Post, Recent Post, Post List plugin <= 3.3.7 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Posts List Designer by Category – List Category Posts Or Recent Posts versions = 3.3.7...
CVE-2025-62937
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Johnny Post List Featured Image post-list-featured-image allows Stored XSS.This issue affects Post List Featured Image: from n/a through = 0.5.9...
EUVD-2025-36004
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Johnny Post List Featured Image post-list-featured-image allows Stored XSS.This issue affects Post List Featured Image: from n/a through = 0.5.9...
CVE-2025-62937
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Johnny Post List Featured Image post-list-featured-image allows Stored XSS.This issue affects Post List Featured Image: from n/a through = 0.5.9...
CVE-2025-62937
CVE-2025-62937 is a Stored Cross-Site Scripting vulnerability in the WordPress plugin Post List Featured Image . Affected range: versions from before n/a up to and including 0.5.9 . Cause: improper neutralization of input during web page generation. Impact per provided data: stored script executi...
CVE-2025-62937 WordPress Post List Featured Image plugin <= 0.5.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Johnny Post List Featured Image post-list-featured-image allows Stored XSS.This issue affects Post List Featured Image: from n/a through = 0.5.9...
CVE-2025-62937 WordPress Post List Featured Image plugin <= 0.5.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Johnny Post List Featured Image post-list-featured-image allows Stored XSS.This issue affects Post List Featured Image: from n/a through = 0.5.9...
PT-2025-43813
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Johnny Post List Featured Image post-list-featured-image allows Stored XSS.This issue affects Post List Featured Image: from n/a through = 0.5.9...
WordPress plugin Post List Featured Image Cross Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to set up a personal blog site on a PHP and MySQL based...
EUVD-2023-31189
Malicious code in bioql PyPI...
EUVD-2025-17224
Malicious code in bioql PyPI...
EUVD-2023-41824
Malicious code in bioql PyPI...
EUVD-2025-25765
Malicious code in bioql PyPI...
EUVD-2023-51627
Malicious code in bioql PyPI...
EUVD-2024-31358
Malicious code in bioql PyPI...